How to Configure Cisco IPSec VTI?

-
How to Configure Cisco IPSec VTI?

IPSec VTIs (Virtual Tunnels Interfaces) simplifies the configuration of a VPN compared to using crypto maps or GRE IPSec Tunnels. A benefit of using VTIs does not require of tying a configuration to a physical interface, rather allowing bespoke configuration per VTI. You can use a dynamic routing protocol (EIGRP, OSPF etc) or QoS defined per VTI.

 The IPsec VTI allows for the flexibility of sending and receiving both IP unicast and multicast encrypted traffic on any physical interface, such as in the case of multiple paths. 
Traffic is encrypted or decrypted when it is forwarded from or to the tunnel interface and is managed by the IP routing table.
Using IP routing to forward the traffic to the tunnel interface simplifies the IPsec VPN configuration compared to the more complex process of using access control lists (ACLs) with the crypto map in native IPsec configurations. DVTIs function like any other real interface so that you can apply quality of service (QoS), firewall, and other security services as soon as the tunnel is active.

Practical Example of how to configure  IPSec VTI?






This provides a sample configuration for a virtual tunnel interface (VTI) with IP Security (IPSec). This configuration uses RIP version 2 routing protocol to propagate routes across the VTI. With a VTI, VPN traffic is forwarded to the IPSec virtual tunnel for encryption and then sent out of the physical interface. 






=============================================================
Good Luck

Comments

Post a Comment

Popular posts from this blog

Kubernetes 104: Create a 2-node k3s cluster with k3sup

-
Image
Create a 2-node k3s cluster with k3sup Kubenetes-Master   = 192.168.17.5 Kubenetes-Worker  = 192.168.17.6 k3sup machine        = 192.168.1.131 !!!  Allow ssh access between k3sup  & two nodes of kubernetes       and between two nodes of kubernetes. !!!  Install K3SUP: [root@devops ~]# curl -sLSf https://get.k3sup.dev | sh which: no k3sup in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin) x86_64 Downloading package https://github.com/alexellis/k3sup/releases/download/0.3.0/k3sup as /tmp/k3sup Download complete. Running as root - Attempting to move k3sup to /usr/local/bin New version of k3sup installed to /usr/local/bin _ _____ | | _|___ / ___ _ _ _ __ | |/ / |_ \/ __| | | | '_ \ | < ___) \__ \ |_| | |_) | |_|\_\____/|___/\__,_| .__/ |_| Version: 0.3.0 Git Commit: 7d954414def98c52ae1f6de08ac5317e4260e673 [root@devops ~]# !!! Install kubernetes master: [root@devops ~]# export SERVE
Read more

Cisco Nexus: Configuration VXLAN.

-
Image
Configuration VXLAN on Cisco Nexus !!! First: Legacy Method: Connect between two servers by Trunk VLAN: Second: VXLAN Method: Connect between two servers by VXLAN Tunnel. First Method:          NXOS-L:  vlan 2  interface Ethernet1/2     switchport access vlan 2     spanning-tree port type edge     no shutdown interface Ethernet1/1    switchport mode trunk    spanning-tree port type network    no shutdown NXOS-R: vlan 2 interface Ethernet1/2    switchport access vlan 2    spanning-tree port type edge    no shutdown interface Ethernet1/1    switchport mode trunk    spanning-tree port type network    no shutdown  Result: ------------------------------------------------------------------------------------------------- Second Method: VXLAN !! NXOS-L: feature ospf  interface Ethernet1/1     no switchport     ip address 10.3.4.3/24     ip router ospf 1 area 0.0.0.0     ip ospf network point-to
Read more

How to configure OSPF on Palo Alto Networks Firewall?

-
Image
How to configure OSPF on Palo Alto Networks Firewall !! Steps: 1- Create Virtual Router. 2- Create three Zones (Site A – Site B – Site C). 3- Create security rule allow (ping) between Site A & Site C. 4- Create OSPF routing protocol on two firewalls. -------------------------------------------------------------------------------------------                                                                     PaloAlto - 1 1- Create Virtual Router (VR-1) PaloAlto-1 2- Create Zones PaloAlto-1: 3- Assign Interfaces PaloAlto-1: 4- Create rule allow (ping) and deny other 5- Apply OSPF between two interfaces (eth ½ - eth 1/1) Show routing table on Palo-Alto-1: ====================================================================                                                                PaloAlto - 2 1- Create Virtual Router (VR-1) PaloAlto-2 2- Create Zones PaloAlto-2: 3- Assign Interfac
Read more